Nice catch :)
Happened to me with my first pipeline rule.
On Thursday, January 5, 2017 at 9:44:30 AM UTC-6, Frank wrote:
>
> Well, adding a "when" does certainly help, My bad!
>
> rule "blacklist"
> when
> contains(to_string($message.message), "systemd")
> then
> drop_message();
> end
>
>
>
Hello All,
Due to limited functionality with statistical capabilities with graylog2 we
are looking to forward our modified logs to Splunk that has a limited
license.
Now, sending the raw data as an output from graylog is fairly easy with an
existing plugin on the marketplace.
However, we
